blueteam

Interrogating Bias in Incident Response

6 minute read Published: 2022-11-03

It's Friday afternoon. It always happens on Friday afternoon. You're ready to be done for the week, having closed out a pesky ticket that took far too long. Just as you're about to lock the screen and punch out for the day, you watch the email arrive—almost in slow motion—with that dreadful tagline:

URGENT: Account Compromised

Goodbye to your Friday evening. You don't get to sit down and watch the game. You don't get to enjoy a nice dinner with the fam. Because you, through a series of questionable life choices, have made your way to the role of Lead Incident Responder. The clock is ticking, and all eyes are on you.

And you know you have at least 2 adversaries: the criminal trying to cause your organization harm, and your own flawed, bias-prone brain.